Researcher Gives Apple Details of macOS Keychain Security Flaw Despite No Mac Bug Bounty Program
A German teenager who discovered a macOS Keychain security flaw last month has now shared the details with Apple, after having initially refused to hand them over because of the company's lack of a bug bounty program for the Mac.
Eighteen-year-old Linus Henze dubbed the zero-day macOS vulnerability he found "KeySteal," which, as demoed in the video above, can be used to disclose all sensitive data stored in the Keychain app.
Henze said he decided to reveal the details to Apple because the bug "is very critical and because the security of macOS users is important to me."
After Henze released the video in early February, Apple's security team reached out to him, but the researcher said he wouldn't disclose the details without a cash reward, arguing that discovering the vulnerabilities takes time.
"Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."
Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.
Related Stories
Black Friday 2021 has kicked off, and you can now get some of the year's best deals on numerous Apple products. In this article we're providing a quick summary of all the best sales we've seen so far this season. For more on the best sales happening this week, visit our Black Friday Roundup.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
Apple recently updated its website to indicate that an upcoming iOS 15 and watchOS 8 feature that will let you add your driver's license or state ID to your iPhone and Apple Watch in participating U.S. states has been delayed until early 2022. Apple previously said the feature would launch in late 2021.
In September, Apple said Arizona and Georgia would be among the first states to introduce ...
Amazon is now matching Walmart's price on the AirPods Pro with MagSafe, available for $159.00, down from $249.00. These are shipped and sold directly from Amazon, and in stock now.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Stock may begin dwindling soon, ...
Apple's AirPods Pro with the new MagSafe Charging Case is now available for its lowest ever price thanks to Black Friday sales.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
The limited-time deal is available at both Amazon and Walmart, which are both...
Microsoft has declined to make a version of Windows 11 available for Apple's M1, M1 Pro, and M1 Max Macs that are built on an Arm architecture, and now we may know the reason - a secret exclusivity deal with Qualcomm.
Subscribe to the MacRumors YouTube channel for more videos. According to XDA-Developers, Arm-based Windows has only been made available on devices with Qualcomm SoC's because of ...
Update November 23: This deal is now also available at Amazon. Black Friday is officially in full swing this afternoon, with the launch of one of the first major discounts at Walmart. There you can get Apple's AirPods Pro with MagSafe Charging Case for just $159.00, down from $249.00. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
Every so often, MacRumors videographer Dan rounds up some of his favorite home products that he's been using. We have another installment of our HomeKit series, this time featuring devices from Lutron, Belkin, Sonos, and more.
Subscribe to the MacRumors YouTube channel for more videos. You can see everything in action in the video, and we have links and a short description for the HomeKit...
Monday November 22, 2021 10:39 am PST by
Sami FathiSpotify users are growing impatient with the music streaming giant over its lack of HomePod support, pushing several customers to the brink of canceling their subscriptions entirely and moving to alternative platforms, such as Apple Music.
More than a year ago, at the 2020 Worldwide Developers Conference, Apple announced that it would be adding third-party music service support to HomePod. A ...
Top Rated Comments
Thank you, Linus.
Now, Apple, listen to the people, and start bug bounty program.